In this webinar we talk about how the cloud security landscape continues to evolve, then show you a demo of how enterprises are using RightScale to help them securely manage all their cloud infrastructure.
Key Topics:
1. Understanding the security requirements of cloud
2. Security certifications among cloud providers
3. Managing secure & compliant cloud-enabled organizations
4. Live demo of the RightScale approach
2. Your Panel Today
• Bart Falzarano, Director of Security & Compliance, RightScale
• Roberto Monge, Cloud Solutions Engineer, RightScale
• Q&A: Steve Kochenderfer, Sales Development Representative, RightScale
Please use the "Questions" window to ask questions at any time
3. Agenda
• Data Breaches/Security Threats
• Evaluating Security of IaaS providers
• Addressing Security Gaps with Vanilla/Out-of-the-Box Cloud Infrastructure
• Live Demo of the RightScale Approach
• Q & A
4. Data Breaches Occur Everywhere
http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
5. Most Threats are Not Cloud Specific
• Data Breaches
  - Misconfigurations/improper design
• Data Loss
  - Cloud provider suffers data loss, or customer loses encryption keys
• Account Hijacking
  - Phishing, cross-site scripting (XSS) bugs
  - Secret keys sniffed on the network or stored on laptops/desktops
• Denial of Service (DoS and DDoS) attacks
• Malicious Insiders
• Abuse of Cloud Services
  - Use an array of rented servers to stage DDoS, crack encryption keys, distribute malware
6. Evaluating the Security of IaaS Cloud Providers

Cloud Provider           PCI DSS  HIPAA  SSAE16 SOC1  SOC2  SOC3  ISO 27001  CSA  FedRAMP
Amazon AWS               ✔        ✔      ✔            ✔     ✔     ✔          ✔    ✔
Microsoft Windows Azure  -        ✔      ✔            ✔     -     ✔          ✔    ✔
Rackspace                ✔        -      ✔            ✔     ✔     ✔          -    -
Google Compute Engine    -        ✔      ✔            ✔     ✔     ✔          -    -

Additional certifications, notes, and references:
• Amazon AWS: ITAR, FIPS 140-2, DIACAP, FISMA. Amazon AWS GovCloud (US) environment. FedRAMP issued for both AWS GovCloud (US) and the AWS US East/West regions. For complete scope reference: http://aws.amazon.com/compliance/
• Microsoft Windows Azure: CSA CCM audit completed as part of their SOC 2 assessment. For complete scope reference: http://www.windowsazure.com/en-us/support/trust-center/compliance/
• Rackspace: Safe Harbor certified (EU Directive 95/46/EC on the protection of personal data). SOC 2 covers Security and Availability only. For complete scope reference: http://www.rackspace.com/about/whyrackspace/
• Google Compute Engine: data is encrypted on local ephemeral disk and persistent disk; all data written to disk in Compute Engine is encrypted at rest using the AES-128-CBC algorithm. For complete scope reference: https://cloud.google.com/products/compute-engine/
7. Public Clouds Expand Security Capabilities
Network Security
• Secure access with SSL
• VPC and ingress/egress firewalls
• Private subnets with VPC and IPsec VPN
• Dedicated connections (Direct Connect)
• Separate regions (GovCloud)
Data Security
• Advanced Encryption Standard (AES) 256, a secure symmetric-key encryption standard using 256-bit encryption keys
• AWS: HSM to manage keys
• Google: encrypts data at rest
• Role-based access control and MFA
Process Security
• Strong physical security controls
• Self-service provisioning and automation to avoid human errors
• Deep security expertise at cloud providers
• Support for customer penetration testing
• Network monitoring and protection
8. Top 5 Challenges Change with Cloud Maturity
Experience in the Cloud Changes Issues

Place  Cloud Beginners                         Cloud Focused
#1     Security (31%)                          Compliance (18%)
#2     Compliance (30%)                        Cost (17%)
#3     Managing multiple cloud services (28%)  Performance (15%)
#4     Integration to internal systems (28%)   Managing multiple cloud services (13%)
#5     Governance/Control (26%)                Security (13%)

Source: RightScale 2014 State of the Cloud Report
9. Enterprises Choosing Multi-Cloud
Enterprise Cloud Strategy (1000+ employees):
• Hybrid cloud: 48%
• Multiple public: 15%
• Single public: 13%
• Multiple private: 11%
• Single private: 9%
• No plans: 4%
Multi-Cloud (hybrid, multiple public and multiple private combined): 74%
Source: RightScale 2014 State of the Cloud Report
10. Multi-Cloud is an Enterprise Reality
[Diagram: an Application Portfolio (App 1, App 2, App 3 ... App N) passes through Requirements Filters (Performance, Cost, Compliance, Geo-location, Security) into Resource Pools: Existing DC, Internal Private (Virtualized), Hosted Private, Public Cloud 1, Public Cloud 2 and Vendors, with each pool running its own subset of the applications.]
11. Security Gaps Remain
• Cloud management and API differences across cloud providers
• Identity & Access Management / access control
• Change & configuration management
• Network & data security
• Business continuity planning / disaster recovery
• Monitoring/alerting, incident response and assessment
• Audit and compliance
12. How RightScale Addresses The Gaps
• Standardize & Automate: baseline security / standardized configurations, track versions, automate patching, monitoring, alerting, etc.
• Multi-Cloud: govern many clouds with a single pane of glass
• Outage-Proof & DR: ensure applications stay up during cloud or data center outages
• Audit & Compliance: maintain a complete audit trail and comply with regulations
• Network & Data Security: manage cloud network configurations and encrypt data
• Access Control: integrate to SSO and control access to cloud credentials
14. Be Ready To Manage a Portfolio of Clouds
RightScale Cloud Portfolio Management, across Your Cloud Portfolio of public clouds, private clouds and virtualized environments:
• Cloud Management (Manage)
• Self-Service (Govern)
• Cloud Analytics (Optimize)
15. Manage Public, Private and Virtualized
Single pane of glass
o Deep integration to public and private cloud providers
o Elevates:
  • Configurations
  • APIs
  • Automation behaviors
  • Access control
  • Billing and governance
o Deploy to clouds and virtualized environments
o Move between clouds and virtualized environments
[Diagram: RightScale Cloud Portfolio Management connects directly to public clouds and, through the corporate firewall, to on-premises private clouds via the RightScale Cloud Appliance for vSphere (vCenter Server, ESXi, VMware vSphere). Egress-only option: the appliance initiates outbound connections to RightScale, so no inbound rule is needed through the corporate firewall.]
16. Control Enterprise Access
Robust Governance
• API or GUI account provisioning
• Temporary users
• SSO integration (SAML or OpenID)
• Role-based access control
• Hierarchical organization of accounts
• Limit access to cloud credentials
• Cloud resources isolated per account
17. From Rogue to Policy-Based Cloud Usage
Enforce Policies
o Pre-defined stacks to meet corporate standards
o Configured to your security requirements
o Define which clouds can be used
o Control user options and choices
o Control costs through quotas
18. Standardize with ServerTemplates
Enforce standards
o Automate provisioning and configuration across clouds
o Version-controlled
o Follow standards for versions, patches and configuration
o Leverage a variety of scripting languages
http://www.rightscale.com/blog/cloud-management-best-practices/rightscale-servertemplates-explained
19. Enforce Security Configuration Baselines with ServerTemplates
Enforce standards
o Modular building-block approach to managing and securing server configurations
o Automate baseline security settings / system hardening configurations
o Version-controlled / anti-tamper
o Perform system and security configuration audits
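The "system and security configuration audit" step above, as an added example; this is not RightScale code and the page does not show what a ServerTemplate audit script looks like. The script below checks an OpenSSH sshd_config against a small hardening baseline. The sample config, the BASELINE values and the function names are assumptions. It honours two sshd rules a plain grep gets wrong: the first value given for a keyword is the one sshd uses, and directives after a Match line apply only to matched connections, so they are not part of the global baseline.

```python
import re

# Constructed sample sshd_config (assumption): the kind of file a baseline
# audit script run from a ServerTemplate would read on the instance.
SAMPLE_SSHD_CONFIG = """\
# Hardened by baseline script
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PermitEmptyPasswords no
X11Forwarding no
# Appended later by hand. sshd keeps the FIRST value of a keyword,
# so this line does not actually disable root login.
PermitRootLogin no
Match User backup
    PasswordAuthentication no
"""

# Required global settings; keys are lowercased because sshd keywords
# are case-insensitive. Values are an assumed baseline, not the page's.
BASELINE = {
    "permitrootlogin": "no",
    "passwordauthentication": "no",
    "permitemptypasswords": "no",
    "x11forwarding": "no",
    "maxauthtries": "4",
}


def parse_sshd_config(text: str) -> dict:
    """Return the effective global value of each keyword.

    Stops at the first Match line (everything after it is conditional)
    and keeps only the first occurrence of each keyword, as sshd does.
    """
    effective = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)  # "Key value" or "Key=value"
        key = parts[0].lower()
        if key == "match":
            break
        value = parts[1].strip() if len(parts) > 1 else ""
        effective.setdefault(key, value)  # first occurrence wins
    return effective


def audit_sshd_config(text: str, baseline: dict = BASELINE) -> dict:
    """Map each non-compliant keyword to (actual, wanted).

    actual is None when the keyword is not set at all, which means the
    compiled-in default applies rather than the baseline value.
    """
    effective = parse_sshd_config(text)
    deviations = {}
    for key, wanted in baseline.items():
        actual = effective.get(key)
        if actual is None or actual.lower() != wanted.lower():
            deviations[key] = (actual, wanted)
    return deviations


def audit_sample() -> dict:
    return audit_sshd_config(SAMPLE_SSHD_CONFIG)


if __name__ == "__main__":
    for key, (actual, wanted) in audit_sample().items():
        print(f"{key}: found {actual!r}, baseline requires {wanted!r}")
```

Run against the sample, the audit reports PermitRootLogin as still "yes" (the appended "no" never takes effect), PasswordAuthentication as "yes" (the "no" under Match only applies to the backup user), and MaxAuthTries as unset. Exiting non-zero when the deviations dict is non-empty is the natural way to fail a ServerTemplate boot or a scheduled audit on a drifted server.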
20. Repeatability and Consistency
RightScale Solution
• Scalable campaigns on tight deadlines
• Clone-able, customizable environments
• Deliver SLAs during huge traffic spikes
• Control infrastructure costs for clients
Increase Investment Flexibility / Reduce Risk / Improve IT Efficiency
21. Keep Tabs on All Cloud Resources in One Place
Monitor, Alert, Automate
o Application-, cluster- and server-level monitoring
o 80 built-in server, volume, database and application monitors
o Assign alerts to any metric
o Customize escalations
o Trigger automated scaling, operational scripts and notifications
o Create self-healing servers and deployments
22. Gain Visibility with Audit Trails
Ensure compliance
o See who changed what and when
o Provide audit logs and reports to satisfy regulators
o Available via API to integrate with other systems
23. Maintain a Pulse on your Cloud Costs
Intimately understand your cloud spend
o Quickly identify and diagnose spikes in activity
o Visibility by project and user
o Planning and forecasting
o Budgets and cost controls
o Allocations
o Chargeback and showback
o Optimize spend
24. Secure Cloud with Network Manager
Network Manager objects: Clouds, Networks, Instances, Subnets, IP Address Bindings, Security Groups, Network ACLs, Routing Tables, IP Addresses
Abstract Network Security
o Manage network configuration across clouds
  • VPCs
  • Subnets
  • Security groups
  • Network gateways
o Maintain the ability to leverage cloud-specific features
o Control permissions and audit changes to network configuration
o API and UI access
25. View Network Security in Context
Visualize Security
o Visualize and audit network configuration parameters
o Understand which deployments and security groups have which ports open to which IP addresses
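The question slides 24 and 25 pose, "which security groups have which ports open to which IP addresses", answered as an added example; this is not RightScale Network Manager code, whose output format the page does not show. The script reads an AWS-style describe-security-groups JSON list (the sample below is constructed) and reports every ingress rule that exposes a sensitive port, or all ports, to 0.0.0.0/0 or ::/0. The sensitive-port list and the function names are assumptions; an all-protocols rule ("-1") is treated as exposing every port.

```python
import json
from ipaddress import ip_network

# Constructed sample input (assumption): a trimmed version of the JSON an
# AWS-style "describe security groups" call returns. web-sg is a normal web
# tier, db-sg leaks SSH to the world, legacy-sg opens everything over IPv6.
SAMPLE_GROUPS_JSON = """
[
  {"GroupId": "sg-web", "GroupName": "web-sg", "IpPermissions": [
     {"IpProtocol": "tcp", "FromPort": 80,  "ToPort": 80,  "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
     {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
  {"GroupId": "sg-db", "GroupName": "db-sg", "IpPermissions": [
     {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306, "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
     {"IpProtocol": "tcp", "FromPort": 22,   "ToPort": 22,   "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
  {"GroupId": "sg-legacy", "GroupName": "legacy-sg", "IpPermissions": [
     {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]}
]
"""

# Ports that should never be reachable from the whole Internet (assumed list).
SENSITIVE_PORTS = {22: "ssh", 3389: "rdp", 1433: "mssql", 3306: "mysql",
                   5432: "postgres", 6379: "redis", 27017: "mongodb"}


def is_world_open(cidr: str) -> bool:
    """True for 0.0.0.0/0, ::/0 or any other prefix-length-0 network."""
    return ip_network(cidr, strict=False).prefixlen == 0


def exposed_ports(rule: dict, sensitive=SENSITIVE_PORTS) -> list:
    """Sensitive ports one ingress rule covers; "-1" means all protocols and ports."""
    if rule.get("IpProtocol") == "-1":
        return sorted(sensitive)
    lo = rule.get("FromPort", 0)
    hi = rule.get("ToPort", 65535)
    return sorted(p for p in sensitive if lo <= p <= hi)


def audit_security_groups(groups: list, sensitive=SENSITIVE_PORTS) -> list:
    """One finding per (group, rule) that opens a sensitive port to the world."""
    findings = []
    for group in groups:
        for rule in group.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
            world = [c for c in cidrs if is_world_open(c)]
            if not world:
                continue  # only reachable from specific networks
            ports = exposed_ports(rule, sensitive)
            if not ports:
                continue  # e.g. 80/443 open to the world is expected for a web tier
            findings.append({
                "group": group.get("GroupName", group.get("GroupId")),
                "protocol": rule.get("IpProtocol"),
                "sources": world,
                "ports": ports,
            })
    return findings


def audit_sample() -> list:
    return audit_security_groups(json.loads(SAMPLE_GROUPS_JSON))


if __name__ == "__main__":
    for f in audit_sample():
        print(f"{f['group']}: {f['protocol']} ports {f['ports']} open to {', '.join(f['sources'])}")
```

Two details matter in practice: the IPv6 ranges are checked as well as the IPv4 ones, because a group that looks closed on IPv4 can still be wide open on ::/0, and the "-1" protocol shortcut is expanded rather than skipped, since it carries no FromPort/ToPort and a range check alone would miss it.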
26. Protect Confidential Information
RightScale Solution
• Protect PII
• Deliver visibility & governance
• Optimize lifecycle automation
"RightScale gives us visibility. It helped us develop trust with security, finance, development and management."
- John Fitch
Accelerate Application Delivery / Reduce Risk
28. Outage-Proof with Independent Control Plane
[Diagram: Users A, B and C reach the RightScale UI and RightScale API over secure authentication and communication. RightScale Primary replicates to RightScale Backup, with failover between the two. Both manage Your Cloud Applications running in Your Public Cloud A, Your Public Cloud B and Your Private Cloud. The control plane is a globally hosted, scalable, resilient SaaS platform that runs independently of the clouds it manages.]
31. RightScale Certifications
o U.S.-EU Safe Harbor Framework
o U.S.-Swiss Safe Harbor Framework
o SSAE 16 SOC 1 Type II and SOC 2 Type II (in process)
32. Next Steps and Q&A
• Talk to us today about your requirements: +1 888-989-1856
• Learn more, request more info:
  • RightScale Security White Paper
  • ServerTemplates and HSM configuration brief
• Try RightScale today: www.rightscale.com/free-trial